ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.
Conclusion & alert: CVE-2010-0042 is rated Moderate Risk (47.7/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 2.52%). Core evidence: EPSS rose +1.50% over the last day, indicating growing attacker interest. Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 1.01% | 2.52% | +1.50% |
| 2 | 2025-03-17 | 0.68% | 1.01% | +0.34% |
| 3 | 2025-02-16 | — | 0.68% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.3 | 2.0 | MEDIUM |
|
8.6 | 2.9 | [email protected] |
: Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'ImageIO CVE-ID: CVE-2010-0042 Available for: Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may result in sending data from Safari's memory to the website Description: An uninitialized memory access issue exists in ImageIO's handling of TIFF images. Visiting a maliciously crafted website may result in sending data from Safari's memory to the website. This issue is addressed through improved memory handling and additional validation of TIFF images. Credit to Matthew 'j00ru' Jurczyk of Hispasec for reporting this issue.'
: Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| apple | safari | <= 4.0.4 | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
| apple | safari | 4.0 | cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:* |
| apple | safari | 4.0.0b | cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:* |
| apple | safari | 4.0.1 | cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:* |
| apple | safari | 4.0.2 | cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:* |
| apple | safari | 4.0.3 | cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:* |